Sears Settles With FTC Over Spyware Charge

By cwalters, June 5, 2009

In 2007 and 2008, Sears invited select customers to join the exclusive “My SHC Community,” which involved installing an app that would monitor online browsing in exchange for $10. The app was called spyware by researchers and the FTC, because the data it collected on customers included “details from their online shopping, bank statements, drug-prescription records, video rentals, library-borrowing histories, even the names and addresses of their e-mail correspondents,” as well as “data about the users’ computers, printers, and other devices.”

The FTC charged that Sears had misled consumers about the degree to which it was collecting data. Sears argued that the devil was in the details of the lengthy user agreement, but has agreed that if it does it again, it will “clearly and prominently” disclose the full breadth of any data collection attempts. All the data has been destroyed.

As usual in settlements like this, Sears officially admits no wrongdoing.

@nato0519: While various methods would allow a certain level of information, such as types of web sites, and for Amazon obviously whatever you’ve bought through them, it’s somewhat harder to get people’s financials, or their ordering history for non-affiliated sites, without installing some sort of software on a person’s computer.

With so much crap like this being pushed down to computers… and the risky behaviour of most users when it comes to protecting their computers and data… I have decided that it makes more sense to install a program like DeepFreeze from [www.faronics.com] to protect computer users.

DeepFreeze protects your computer by restoring it to a predetermined state every time you reboot it. So all changes to the system, all viruses, all spyware, all the stupid stuff websites leave on your system are gone when the system is rebooted. Yes, there are provisions for keeping the system updated… etc.

It costs as much each year as Symantec AV or McAfee… and of course you wouldn’t bother installing them with it. This is another benefit since AV software slows your machine down.

Save your data to a stick or other HDD and surf the web with impunity…

@GreatWhiteNorth: And what about files? What about programs that people wish to install? And if it allows you to keep programs, what about the programs that people allow and trust but are malware in disguise like the Sears application?

I can’t believe someone actually thought that this was a good idea. Idiots.

On a slightly different note – I think these massive EULAs are soon going to be a thing of the past. No one reads them, partially because no one can understand them. I’m in law school and I can make sense of the stupid things, but most of them are exactly the same. Every now and then something different will drop.

This issue with Sears is actually a good case study for the fact that oftentimes EULAs are legally indefensible, and just plain stupid. There is a serious movement going for there to be two types of legal documents now. The one with all of the legalese (which does have its purpose – making sure all the loopholes are closed) and one that spells things out in plain English so that the client can understand just what’s going on. Not to mention the issues with shrink-wrap EULAs that say you agree to the EULA by opening the package. Most of the time the EULA is inside the package so you are not even given the opportunity to read what you are agreeing to. There are several countries (not the US though) that have ruled that consumers CANNOT be bound by shrink-wrap EULAs as there is really no good opportunity for the consumer to read and understand it.

@Donathius: I think the problem is that people don’t care enough about them until someone pulls crap like this, and the ones that like the current system are the ones that rely on sneaking unethical behavior and hoping nobody reads it. Really, I can only hope those guys become identifiable because they’re the only ones left using the lengthy EULAs.

Personally, I’d like to see them move more into templates. I mean, I can see the Creative Commons logo and pretty much know what I can do with it.

As a side note, even if they do move to plain English, that doesn’t mean they won’t try to screw you over. Look up “Tokyopop rising stars contract” as an example of how they can use it against you.

I agree that pretty much all EULAs and TOSs are pretty much the same. They more or less say that the company can do anything they like and there’s nothing the consumer can do about it. I don’t believe many people read them. I know I don’t. It all comes down to this: are you going to use the software (service, credit card, etc) or not? If you are, you just go ahead and sign. My bank sends me four or five changes in TOS every year which I can agree to by continuing to use their service or opt out by closing my account. I have better things to do than try to decipher the legalese in these things every other month.

I think that if a few enterprising companies put out a EULA or TOS that was short, simple, easy to understand and fair to both parties, the other companies would be forced to follow suit or lose business.

@Coyote: No, of course not. Why would a huge corporation gather and sell customer information? I mean, it’s not like there is any money to be made. I bet you think Chevy is going to start building quality cars, too…

@JeffMc: You know just once, I wish some big company when they get busted like this would stand up and say “yeah ok, we screwed and made a mistake, we apologize to all our customers and business partners.”

The point of “admitting no wrongdoing” is that the feds get the company to stop doing the bad thing right away, and it doesn’t open the company up to a huge lawsuit because they admitted it. The feds want the company to stop now, but if they wanted the company to be found guilty of something, that is going to take years to go through the courts; meanwhile the company won’t necessarily change its behavior. In order to get the companies to more quickly stop their bad behavior, the feds offer that the company stop their bad behavior and not suffer any repercussions. If the company admits wrongdoing, lawsuits are sure to follow, and so it would not be in the company’s best interests to settle and admit wrongdoing.

@KylieH: For those people concerned about data harvesting and the FBI: stay the hell off of Facebook and Myspace! Social networking sites send all data to government agencies. And no, I’m not a conspiracy theorist; this is a proven fact.